[ Log4Shell ] At-Defense Research

by | Dec 14, 2021 | Good to know, SOC, Threat research | 7 comments

Dear All,

The last few days were marked by the « Most sensitive vulnerability ever published on Internet », aka Log4j. Our team of researchers and SOC analysts has worked hard since Friday to create detection rules and prevent exploitation for our SOC customers.

Due to the criticality of this vulnerability, we decided to publish our detection tools and some of our signatures to help the community face this huge issue.

You can find them at:

https://github.com/e-XpertSolutions/atdefense-research/tree/master/log4shell

This repository contains:
– Updated IOCs
– A threat hunting tool developed for both Linux & Windows to identify potentially impacted servers and compromises. The Windows version also supports large-scale deployments.
– IDS (Intrusion Detection System) rules fully developed by e-Xpert researchers with a new (and previously unseen) approach. Indeed, all published rules will collect a flood of external attacks (impossible to differentiate from successful ones) and so are not of great interest…

These new rules use a completely different approach, relying on the detection of inbound/outbound external LDAP traffic, which is used in >90% of exploitation attempts.

If you have not yet considered this vulnerability, you should use our tools quickly.

We hope that you will enjoy them. Stay safe.
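One way to apply the idea of alerting on LDAP that crosses the perimeter, as an added example (it is not the e-Xpert rules from the repository): it recognizes LDAP by the BER header of the first client message rather than by port. The internal ranges, the flow tuple layout and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the monitored site's internal ranges (RFC 1918 here).
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# LDAP protocolOp tags a client sends first (RFC 4511).
CLIENT_OPS = {0x60: "bindRequest", 0x63: "searchRequest"}

def ldap_client_op(payload: bytes):
    """Name the LDAP client operation the payload starts with, or None if it is not LDAP."""
    if len(payload) < 2 or payload[0] != 0x30:       # LDAPMessage is a BER SEQUENCE
        return None
    i = 2
    if payload[1] & 0x80:                            # long-form length: skip the length octets
        n = payload[1] & 0x7F
        if not 1 <= n <= 4:
            return None
        i += n
    if len(payload) < i + 2 or payload[i] != 0x02:   # messageID must be an INTEGER
        return None
    id_len = payload[i + 1]
    if not 1 <= id_len <= 4:
        return None
    i += 2 + id_len
    return CLIENT_OPS.get(payload[i]) if i < len(payload) else None

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def external_ldap_flows(flows):
    """Return an alert for every LDAP exchange that crosses the perimeter, on any port."""
    alerts = []
    for src, dst, dport, payload in flows:
        op = ldap_client_op(payload)
        if op is None or is_internal(src) == is_internal(dst):
            continue                                 # not LDAP, or does not cross the perimeter
        direction = "outbound" if is_internal(src) else "inbound"
        alerts.append((direction, src, dst, dport, op))
    return alerts

# Constructed sample: (source, destination, destination port, first client payload bytes).
BIND = bytes.fromhex("300c020101600702010304008000")    # anonymous LDAPv3 simple bind
SAMPLE_FLOWS = [
    ("10.1.2.30", "203.0.113.7", 1389, BIND),            # server calling out, odd port
    ("10.1.2.30", "10.1.0.5", 389, BIND),                # normal internal directory lookup
    ("10.1.2.31", "203.0.113.7", 389, b"GET / HTTP/1.1\r\n"),  # port 389 but not LDAP
    ("198.51.100.9", "10.1.2.40", 389, BIND),            # LDAP arriving from outside
]

if __name__ == "__main__":
    for alert in external_ldap_flows(SAMPLE_FLOWS):
        print(alert)
```

An outbound alert from a server that has no reason to query an external directory is the high-value signal here, since it fires only when the server actually initiated the connection.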

AT-Defense SOC Team
e-Xpert Solutions.

Routin David
